HTML5 deanonymization attacks

Marco Bonetti marco.bonetti at slackware.it
Fri Nov 20 08:16:30 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Perry wrote:
> Do you have the test cases for the offline application protocol
> handler registration? I'm curious if Torbutton will still block them
> from bypassing the proxy or delaying themselves from running until
> post-toggle, even if you click to allow the application to run. I
> think it should still be blocked from doing anything terrible, but it
> would be nice to know for sure.
I can do some tests on protocol handler and not-Tor friendly protocols
like ftp, TorButton is doing a great job here with the big ugly warning
but, as told at the talk, who cares about big ugly warning nowadays? ;-)

> In general, it would be really nice if we could have all your test
> cases online so I can link them from the Torbutton Design Document, as
> we have done with other research like yours. The hope is that one day
> someone will consolidate all them into a good browser anonymity and
> privacy validation framework (decloak.net and deanonymizer.com are
> great starts, but still aren't totally complete).
I'm hosting them at my home machine right now, I've already contacted H.
D. Moore about an inclusion into his decloak.net suite but, you know,
he's pretty busy right now with the framework release. I can pack up
every file in a tarball and offer it from slackware.it.

> Also, I'm curious about your comments about the differences in
> implementation of video, audio and source tags in Firefox 3.6b.
I only take a super fast look at Firefox 3.6b as it was released too
close to the conference :D
There's the fullscreen video support and... dunno, maybe the new css
fonts support may be interesting. The only thing I double checked was
the poster attribute support.

> And finally the comment: Torbutton 1.2.3 will address the geolocation
> issue and a few others in Firefox 3.5. I am closing out bugs in
> flyspray preparing for a release hopefully this weekend.
great, keep up the work, TorButton rocks :)

ciao

- --
Marco Bonetti
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/

My GnuPG key id: 0x0B60BC5F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksGUF4ACgkQTYvJ9gtgvF/sAQCgjO3EnvgPpCe1oOVCevMlPN1N
wU0AoMY2S6oNGdFfOCUADlu7jo+Zbifk
=0eTW
-----END PGP SIGNATURE-----
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list